package cn.jbooter.shiro.autoconfigure.filter.spring_session.authc;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import cn.jbooter.coms.constants.IBaseConstants;
import cn.jbooter.shiro.autoconfigure.util.ShiroUtil;


/**
 * spring-session的rest接口的rememberMe功能拦截器
 * @author hejian
 *
 */
public class SSRestUserFilter extends AccessControlFilter {
	private static final Logger logger = LoggerFactory.getLogger(SSRestUserFilter.class);
	
	
	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
			throws Exception {
		//用户已经身份验证/记住我登录的都可
		Subject subject = getSubject(request, response);
        // If principal is not null, then the user is known and should be allowed access.
        return subject.getPrincipal() != null;
	}

	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
		logger.debug("用户拦截器访问拒绝:认证失败:"+super.getPathWithinApplication(request));
		
		String failmsg = IBaseConstants.AUTHC_FAIL_MSG;
		ShiroUtil.writeLoginFail(failmsg, (HttpServletResponse)response);
		return false;
	}

}
